1. Computing

Internet Explorer Zero-Day Bug Used in Google Attack

Geoff Duncan
By
internet-explorer-logo

Microsoft has acknowledged a so-called zero-day vulnerability in Microsoft Internet Explorer was used in attacks on Google and 20 or more other companies doing business doing business in China. Microsoft’s notification about the flaw coincided with a public statement from computer security firm McAfee, describing the bug and how it was used to target Google and other corporate networks.

The flaw impacts all officially supported combinations of Microsoft’s Internet Explorer browser and Windows operating system, with the sole exception of using very-old Internet Explorer 5.01 on Windows 2000 Service Pack 4. That means that essentially anyone using Internet Explorer 6, 7, or 8 on Windows 2000 SP4, Windows XP, Windows Vista, Windows 7, and Windows Server is vulnerable to the problem, across both 32- and 64-bit versions of the operating systems.

Attackers—which VeriSign’s iDefense has identified as the Chinese government or agents thereof—exploited the flaw by sending messages to targeted Google employees, forged to look like they were from a trusted source. If a user clicked a malicious link in the message, the users’ computers were compromised, downloading and installing backdoor software that enabled attackers to gain complete control of the computer. Presumably, from there, attackers monitored computer usage and data in an effort to obtain passwords and other valuable information.

McAfee is dubbing the attacks against Google and other companies’ operations in China “operation Aurora” because the word “Aurora” appears in file paths included in two of the malware binaries associated with the attack. The pathname would presumably have come from the attackers’ systems. McAfee describes “Operation Aurora” as a coordinated, highly targeted attack going after high profiled companies and their intellectual property, coordinated to take place while many employees were away on December holidays to maximize the amount of time the attack could operate. “All I can say is wow,” wrote McAfee CTO George Kurtz. “The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

Editors' Recommendations

How to use AirDrop on a Mac

how to use airplay mac airdrop feature

The best VPN services for 2022

best VPN services

Best Adobe Photoshop deals for January 2022

Close up of Adobe Photoshop app icon being chosen from among other Adobe apps on a laptop screen.

How to change your Gmail name

New Gmail widget on iPhone.

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Best Nintendo Switch deals and bundles for January 2022

Nintendo Switch deal walmart discount bundle sale Super Mario Odyssey

The best laptops in 2022

hp microsoft dell laptop deals amazon best buy back to school sale 2020 xps 13 01 3 2 720x720

The best laptop brands for 2022

best laptop brands

Blindfolded Sekiro speedrunner has Elden Ring in his sights

Mitchriz playing Sekiro: Shadows Die Twice blindfolded at AGDQ 2022.

The best running headphones for 2022

Women running wearing earbuds.

The best 4K laptops for 2022

Dell XPS 13 2019 review (9380)

The best touchscreen laptops for 2022

HP Spectre x360 15 2019 review

Common Samsung Galaxy Z Flip 3 problems and how to fix them

Galaxy Z Flip 3 closed with Cover Screen active.